PERSONAL AND SENSITIVE PERSONAL DATA OF CHILDREN

(1) Every data fiduciary shall process personal data of children in a
manner that protects and advances the rights and best interests of the
child.

(2) Appropriate mechanisms for age verification and parental consent
shall be incorporated by data fiduciaries in order to process personal
data of children.

(3) Appropriateness of an age verification mechanism incorporated by a
data fiduciary shall be determined on the basis of—

(a) volume of personal data processed;(b) proportion of such personal data likely to be that of children;(c) possibility of harm to children arising out of processing of
personal data; and(d) such other factors as may be specified by the Authority.

(4) The Authority shall notify the following as guardian data
fiduciaries—

(5) Guardian data fiduciaries shall be barred from profiling, tracking,
or behavioural monitoring of, or targeted advertising directed at,
children and undertaking any other processing of personal data that can
cause significant harm to the child.

(6) Sub-section (5) may apply in such modified form, to data fiduciaries
offering counseling or child protection services to a child, as the
Authority may specify.

(7) Where a guardian data fiduciary notified under sub-section
(4)exclusively provides counseling or child protection services to a
child, as under sub-section (6), then such guardian data fiduciary will
not be required to obtain parental consent as set out under sub-section
(2).